files_texteditor icon indicating copy to clipboard operation
files_texteditor copied to clipboard
verified publisher icon nextcloud

Content Security Policy prevents ACE workers from being created

Open danxuliu opened this issue 7 years ago • 0 comments

Since the update from ACE 1.2.5 to ACE 1.2.8 the workers, which are used for syntax checking, no longer work. The following error can be seen in Chromium JavaScript console:

Refused to create a worker from 'blob:http://127.0.0.1:8000/33b08d1a-f3ea-4a32-90b0-a77579f9a95c' because it violates the following Content Security Policy directive: "script-src 'nonce-SmdaNmhHM1JLeHU3dW5pNmFVY3IwekphTGRQQkRZMElwMW1YdFRJSktWMD06UjBFQ3dGV0dIa3JQd2pMS0x6ZHlpbXNBWmVYMVlMMWEzd0Q1MEY1aWN4az0=' 'unsafe-eval'". Note that 'worker-src' was not explicitly set, so 'script-src' is used as a fallback.

This happens in stable13 and current master branches.

Note that using return new Worker(workerUrl); (like it was done before) instead of return new Worker(blobURL); solves the problem (obviously that is not a fix; it just a little more information for whoever is going to fix this ;-) ).

danxuliu avatar Feb 12 '18 18:02 danxuliu